Legal news and trends for Canadian in-house counsel and c-suite executives
Issue link: https://digital.canadianlawyermag.com/i/479188
33 canadianlawyermag.com/inhouse April 2015 The hackers have gotten in. Now what? Seth rOGan'S brow furrows, then his eyes widen. He is sitting next to James Franco and he clearly cannot believe what he is hearing. "Are you saying . . ." he begins. It is a scene from The Interview, the re- cent fi lm in which Rogan and Franco star as members of a TV program who are asked by the CIA to assassinate North Korea's Kim Jong-un. While the reaction of Rogan's character to this request is understandable, it is probably just a fraction of the surprise and horror that ran across the faces of ex- ecutives at Sony Pictures Entertainment, the studio which produced The Interview, when the entire company was hit with a data breach that exposed highly confi dential information and rendered most of its com- puter systems inoperable. Unfortunately, the Sony Pictures cy- ber attack is only the latest in an increas- ingly high-profi le set of incidents involving brand-name organizations. In fact, 2014 may go down as a banner year in which Tar- get, Home Depot, and several others found themselves trying to explain not only what information was lost, but how it could have happened in the fi rst place. Although many of the major headlines concerned fi rms in the United States, Canada has hardly been immune, with the Treasury Board Secretar- iat responding to data breaches at the Na- tional Research Council, Canada Revenue Agency, and others. All this means the role of general counsel in helping to prevent data breaches, or con- tribute to the response plan, will be more important in the coming year than ever before. Consider the following elements as you develop a more proactive cyber-securi- ty strategy in 2015. Turn Panicked headlines inTo an acTion Plan The media coverage of a hacker attack may raise uncomfortable questions about how well-prepared your own organization would be in similar circumstances. General coun- sel shouldn't hide from these questions but capitalize on the interest. "You always kind of say, 'There but by the grace of God go I,'" says Alexis Kerr, gen- eral counsel for Fraser Health Authority in British Columbia. "It does help to have those types of stories to bring it to the attention of the board, of senior management or your executive, depending on what kind of orga- nization you are. You're able to say, 'These things do get a lot of attention,' particularly when there was some kind of failing by the organization to do the groundwork it should have done." Adam Kardash, privacy law leader at Osler Hoskin and Harcourt LLP, agreed. "We're already seeing a palpable change across our client base and in a number of different sectors in how senior management and those at the board level are addressing cyber-security threats," he says. "One of the main reasons for that are the press reports and blog reports about the increase in the sophistication and volume of cyber-security threats. Companies now are just beginning to focus much more signifi cantly on making sure that they have the appropriate data gov- ernance in place." If it's not already an agenda item, use some Data breach notifi cation plans seem increasingly important in the wake of high-profi le disasters. Here's where in-house teams can help. BY SHANE SCHiCK I n d u s t r y s p o t l i g h t